Link to home
Start Free TrialLog in
Avatar of cobmo
cobmoFlag for United States of America

asked on

Exchange 2010 expried certificate

I have an expired certificate on the Exchange server.  It overlapped with a more recent certificate I bought and added more servers to.  So I currently have a valid certificate for Exchange.  I need to delete the old one obviously.  When I delete it, will it impact any of my users that may be using it? or do they automatically transfer to the new certificate?  Do they get a certificate prompt?  
I guess I just want to know if deleting the expired cert will affect any users.
Avatar of Will Szymkowski
Will Szymkowski
Flag of Canada image

I have a couple of questions...

- has the new certificate been installed on all of your CAS servers?
- if the above is true you still need to ENABLE the certificate and assign it services (use the below command)

Run this command on every CAS server that has the new certificate installed
Get-ExchangeCertificate | FL

Enable- ExchangeCertificate -ThumbPrint xxxxxxxxxxxxxxxxx -services "pop,imap,smtp,iis"

Open in new window


Click Y to accept the changes. This new certificate will now become the default and will be used for all of your virtural directories OWA/EAS etc.

You can then remove the other 3rd party SSL cert using the below command...
Remove-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxx

Open in new window


Press Y to confirm the changes.

Will.
Avatar of cobmo

ASKER

I do not have a CAS server. Can I do it from the gui?
I do not have a CAS server. Can I do it from the gui?

I am sure you do have an Exchange server that does have the CAS role. Do you have a single Exchange server? If you do then that server is likely holding all of the roles. In that case you will need to run the commands that i have illustrated above.

Will.
Avatar of cobmo

ASKER

Also, the Exchange Certificates shows it as "The certificate is valid for Exchange server usage".  The other one just says "Expired".  When I log onto OWA, the certificate for me shows the newer certificate.  I don't know why I think the expired cert would still be used by a user.....
ASKER CERTIFIED SOLUTION
Avatar of Will Szymkowski
Will Szymkowski
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of cobmo

ASKER

There is an Exchange self signed certificate that has expired and is self signed (true).  Do I leave that one alone?
Self Signed Certs should not be removed. Only 3rd party SSL certs can be removed.

To renew a self-signed cert use New-ExchangeCertificate cmdlet.

Other than that you should be fine.

Will.